On Sep 7, 2008, at 12:18 AM, Randy Bush wrote:
normally i would have just hit delete. but your ad hominem attack on the messenger need a response.
the reality of life is that he is correct in that "attack traffic comes from legitimate IP sources anyway."
therefore, your first duty should be to keep your hosts from joining the massive army of botnets.
Having no hosts, I can't do much about that other than use various good best practices (including BCP38), run ids units looking for compromised hosts, and respond quickly to each abuse report if my IDS doesn't observe it first. Given that I know of no provider larger than us using BCP38 on every port, and no other provider larger than us that responds to every abuse report, it would appear that we are top of the class in that aspect. Therefore, when someone says "I don't need to do BCP38" because BCP38 doesn't cause problems for them, I consider them a jerk. And yeah, I feel pretty confident looking down my nose at someone like that. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness